This topic describes how to create a Resource Access Management (RAM) user. A RAM user is an entity that you create in RAM to represent an O&M engineer or application. After you create a RAM user and grant the relevant permissions to the RAM user, the RAM user can access the required Alibaba Cloud resources.
Procedure
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Users page, click Create User.
- In the User Account Information section of the Create User page, configure the Logon Name and Display Name parameters. Note You can click Add User to create multiple RAM users at a time.
- In the Access Mode section, select an access mode.
- Console Access: If you select this option, you must complete the logon security settings. These settings specify whether to use a system-generated or custom logon password, whether the password must be reset upon the next logon, and whether to enable multi-factor authentication (MFA). Note If you select Custom Logon Password in the Console Password section, you must specify a password. The password must meet the complexity requirements. For more information about the complexity requirements, see Configure a password policy for RAM users.
- OpenAPI Access: If you select this option, an AccessKey pair is automatically created for the RAM user. The RAM user can call API operations or use other development tools to access Alibaba Cloud resources.
Note To ensure the security of the Alibaba Cloud account, we recommend that you select only one access mode for the RAM user. This prevents the RAM user from using an AccessKey pair to access Alibaba Cloud resources after the RAM user leaves the organization. - Console Access: If you select this option, you must complete the logon security settings. These settings specify whether to use a system-generated or custom logon password, whether the password must be reset upon the next logon, and whether to enable multi-factor authentication (MFA).
- Click OK.
What to do next
- The created RAM user can be used to log on to the RAM console. For more information, see Log on to the Alibaba Cloud Management Console as a RAM user.
- You can attach policies to the RAM user. After you attach a policy, the RAM user can access the Alibaba Cloud resources that are specified in the policy. For more information, see Grant permissions to a RAM user.
- You can add the RAM user to RAM user groups and grant permissions to the RAM user groups. For more information, see Add a RAM user to a RAM user group.